Thursday, July 9, 2026

WolfSSL, GeoVision, VTK vulnerabilities

WolfSSL, GeoVision, VTK vulnerabilities

Cisco Talos’ Vulnerability Discovery & Research team recently disclosed three vulnerabilities in WolfSSF, fourteen in GeoVision, and one vulnerability in VTK-DICOM.

The vulnerabilities mentioned in this blog post have been patched by their respective vendors, in adherence to Cisco’s third-party vulnerability disclosure policy

For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence’s website.

WolfSSL vulnerabilities

Discovered by Ankur Tyagi of Cisco Talos.

WolfSSL aims to provide "lightweight and embedded security solutions" for both individual and business needs. WolfSSL is an open-source product to provide secure data transfer.

Talos discovered two improper input validation vulnerabilities (TALOS-2026-2409 (CVE-2026-28739) and TALOS-2026-2410 (CVE-2026-25106)) and one integer underflow vulnerability (TALOS-2026-2408 (CVE-2026-33091)) in WolfSSL.

GeoVision vulnerabilities

Discovered by Philippe Laulheret of Cisco Talos.

GeoVision specializes in security technologies, including cameras and monitoring solutions, access control, and machine-identification.

Talos released 14 advisories for GeoVision vulnerabilities, covering 37 CVEs:

  • TALOS-2026-2411 (CVE-2026-12488) memory corruption vulnerabilities
  • TALOS-2026-2379 (CVE-2026-12486, CVE-2026-12849, CVE-2026-12850, CVE-2026-12851) OS command injection vulnerabilities
  • TALOS-2026-2377 (CVE-2026-12485, CVE-2026-12846, CVE-2026-12847, CVE-2026-12848) buffer overflow vulnerabilities
  • TALOS-2026-2369 (CVE-2026-42370) stack overflow vulnerability
  • TALOS-2026-2333 (CVE-2026-7372, CVE-2026-42369) stack overflow vulnerabilities
  • TALOS-2026-2329 (CVE-2026-42368) privilege escalation vulnerability
  • TALOS-2026-2328 (CVE-2026-42367) privilege escalation vulnerability
  • TALOS-2026-2327 (CVE-2026-7371, CVE-2026-42366) reflected cross-site scripting (XSS) vulnerabilities
  • TALOS-2025-2326 (CVE-2026-42364) OS command injection vulnerability
  • TALOS-2025-2332 (CVE-2026-42365) guessable session cookie vulnerability
  • TALOS-2025-2322 (CVE-2026-7161) insufficient encryption vulnerability
  • TALOS-2026-2375 (CVE-2026-57273, CVE-2026-57274, CVE-2026-57275, CVE-2026-57276, CVE-2026-57277, CVE-2026-57278) stack-based buffer overflow vulnerabilities
  • TALOS-2026-2373 (CVE-2026-13131, CVE-2026-13132, CVE-2026-57264, CVE-2026-57265, CVE-2026-57266, CVE-2026-57267, CVE-2026-57268, CVE-2026-57269, CVE-2026-57270, CVE-2026-57271, CVE-2026-57272) out-of-bounds read vulnerabilities
  • TALOS-2026-2370 (CVE-2026-13125) lack of authentication vulnerability

VTK-DICOM vulnerability

Discovered by Emmanuel Tacheau of Cisco Talos.

The Virtualization Toolkit (VTK) is an open source software solution for handling scientific data, for use in tools for 3D rendering. The VTK-DICOM API is specifically to allow VTK users to parse Digital Imaging and Communications in Medicine (DICOM) medical data.

Talos found one vulnerability in VTK-DICOM, TALOS-2026-2366 (CVE-2026-22879), which is a heap-based buffer overflow vulnerability.



from Cisco Talos Blog https://ift.tt/2L9pcGk
via IFTTT

No comments:

Post a Comment